ASP.NET OWIN sample 404 cannot be found on “/signin-auth0” on reauthenticate

Hi There,

We’d like to migrate to Auth0 but facing some issues integrating.

To reproduce:

• run the https://github.c
  

  auth0 owin 404 issue.JPG2563x1570 210 KB
  om/auth0-samples/auth0-aspnet-owin-mvc-samples/tree/master/Quickstart/01-Login sample, login using i.e. facebook everything works
• hit the back button, universal login loads, hit facebook again
• sample 404s on signin-auth0 as seen in screenshot

OpenIdConnectAuthenticationNotifications.AuthenticationFailed no fired, how to intercept this and handle this properly? While not common this is clearly an issue that needs graceful handling.

Updating Nuget packages to latest versions does not help.

This is on Windows 10 Visual Studio 2017 latest public versions…

Unfortunately, there does not seem to be an elegant way around this. When the OpenID Connect(OIDC) middleware initially gets invoked, it creates a nonce and stores this in a cookie. When the user completes the authentication on the Auth0 website and gets redirected back to your application, the OIDC middleware validates this nonce, and removes the cookie.

What happens in the scenario you described is that Auth0 once again redirects to your application, but this time around the nonce cannot get validated, because that cookie no longer exists.

I hoped that perhaps the AuthenticationFailed notification would get triggered so you can handle this more elegantly, but, as you pointed out, this does not seem to be the case. So in this scenario, I do not really see a way to handle this gracefully.

You may also try and ask this question on the Katana GitHub repository, since it is their middleware used in this example.

Due to this error, I cannot use the “Sign-In As User” functionality of Auth0. Looking for a resolution.